
I am learning and using Web API and need to implement the following authentication mechanism:

The very first call to the Web API will be a handshake (login and token sharing). The Login method of the Web API will be called with the proper credentials; once approved, a GUID-based token will be returned to the client (jQuery or Windows based). The token will expire after some configurable time.

Until then, the client should be able to communicate with the Web API by sending the same token value with every request, and thus wouldn't need to authenticate each call.

To include the token in each call, it is quite possible to put it in the query string or to pass it as a parameter of each Web API method.

But I am looking for ways the token can be embedded in the HTTP request header via jQuery (using AJAX calls) or Windows-based clients. I would like you guys to help me identify a fair approach to implementing this system, and its perils, in advance.


2 Answers

up vote 1 down vote accepted

You can modify the headers in jQuery using the beforeSend method when using jQuery Ajax.

Adding / Modifying HTTP Request Headers using HttpClient is no problem.

Maybe Thinktecture.IdentityModel.Http will support your described scenario soon: Thread: Web API Sample for Thinktecture.IdentityModel at WebApiContrib Google Group

Some token-based authentication mechanisms like SWT and SAML 1.1 / 2.0 are already implemented in Thinktecture.IdentityModel.Http.

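The beforeSend approach from the answer above, as an added example that is not part of the original post: it keeps the token and its expiry on the client and attaches the token as a request header, which keeps it out of URLs (and so out of server logs, browser history and Referer headers). The header name `X-Auth-Token`, the login response fields and `createTokenSession` are assumptions, not names from the asker's API.

```javascript
// Added example. TOKEN_HEADER, createTokenSession and the response fields are assumed names.
const TOKEN_HEADER = 'X-Auth-Token'; // assumption: header the Web API reads the token from

// Holds the token returned by the login call together with its expiry time.
function createTokenSession(now = () => Date.now()) {
  let token = null;
  let expiresAt = 0;

  const isValid = () => token !== null && now() < expiresAt;
  const clear = () => { token = null; expiresAt = 0; };

  return {
    isValid,
    clear,
    // Call with the login response, e.g. { token: '<guid>', expiresInSeconds: 1200 }.
    store(loginResponse) {
      token = loginResponse.token;
      expiresAt = now() + loginResponse.expiresInSeconds * 1000;
    },
    // Returns a copy of jQuery.ajax settings whose beforeSend adds the token header.
    authorize(settings) {
      if (!isValid()) {
        clear();
        throw new Error('Token missing or expired: call the login method again');
      }
      // Relative URLs inherit the page's scheme; an explicit http:// URL is rejected.
      if (/^http:\/\//i.test(settings.url)) {
        throw new Error('Refusing to send the token over a non-HTTPS URL');
      }
      const current = token;
      const callerBeforeSend = settings.beforeSend;
      return Object.assign({}, settings, {
        beforeSend(xhr, opts) {
          xhr.setRequestHeader(TOKEN_HEADER, current);
          // Keep any beforeSend the caller supplied (returning false cancels the request).
          return callerBeforeSend ? callerBeforeSend.call(this, xhr, opts) : undefined;
        },
      });
    },
  };
}

// Browser usage (requires jQuery; the URLs are placeholders):
//   const session = createTokenSession();
//   $.post('https://api.example.test/login', creds).done(r => session.store(r));
//   $.ajax(session.authorize({ url: 'https://api.example.test/orders', type: 'GET' }));
```

The server still has to check the token and its expiry on every request; the client-side expiry check only avoids sending a token that is already known to be stale.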

You could use HTTP authentication which uses plain text to send user name and password, so to protect it you could use SSL.

An excellent article could be found here

That will completely change the way of implementing the Authentication in the target Web API. I need to follow the decided protocols. – Sumeet Jun 15 '12 at 7:03
